1.4.8 Configuring Dnsmasq to Support PXE Clients

Dnsmasq is designed to act as a DNS forwarder, DHCP server, and TFTP server for small networks. You can use dnsmasq as an alternative to configuring separate DHCP and TFTP services. For more information about dnsmasq, see the dnsmasq(8) manual page, /usr/share/doc/dnsmasq-version, and http://www.thekelleys.org.uk/dnsmasq/doc.html.

To configure dnsmasq for PXE client installation requests:

  1. Install the dnsmasq package.

    # yum install dnsmasq
  2. Edit /etc/dnsmasq.conf and configure entries for PXE clients and other systems on the network, for example:

    interface=eth1
    dhcp-range=10.0.0.101,10.0.0.200,6h
    dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite
    dhcp-boot=pxelinux/pxelinux.0
    enable-tftp
    tftp-root=/var/lib/tftpboot

    The lines in the sample configuration file do the following:

    interface=eth1

    Listen for incoming client requests on interface eth1 only.

    dhcp-range=10.0.0.101,10.0.0.200,6h

    Reserve a pool of generally available IP addresses in the range 10.0.0.101 through 10.0.0.200 on the 10.0.0/24 subnet with a six-hour lease.

    Note

    A dhcp-range setting is required to enable the DHCP service provided by dnsmasq. If you want to configure static addresses but not an address pool, specify a static network address and the keywords static and infinite, for example:

    dhcp-range=10.0.0.253,static,infinite
    dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite

    Reserve the IP address 10.0.0.253 with infinite lease time for svr1, which is identified by the MAC address 80:00:27:c6:a1:16.

    dhcp-boot=pxelinux/pxelinux.0

    Specify the location of the boot-loader file required by PXE clients. This example supports BIOS-based PXE clients. An entry that supports UEFI-based clients might take the following form:

    dhcp-boot=efi/BOOTX64.efi

    If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot-loader path, for example:

    dhcp-boot=pxelinux/pxelinux.0,10.0.0.11

    enable-tftp

    Enable the TFTP service provided by dnsmasq.

    tftp-root=/var/lib/tftpboot

    Specify the root directory for files served by TFTP. To prevent clients from accessing any file on the host, dnsmasq rejects requests that specify .. as a path element.

  3. If you configure dnsmasq to provide the TFTP service:

    1. Create the TFTP server directories, for example:

      # mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg
    2. Copy the installation kernel and ram-disk image files to the TFTP server directory hierarchy, for example:

      # wget http://10.0.0.11/OSimage/OL6.6/isolinux/vmlinuz \
        -O /var/lib/tftpboot/pxelinux/vmlinuz
      # wget http://10.0.0.11/OSimage/OL6.6/isolinux/initrd.img \
        -O /var/lib/tftpboot/pxelinux/initrd.img

      This example uses HTTP to obtain the files from an installation server.

    3. If you want to support BIOS-based PXE clients, install the syslinux package and copy the pxelinux.0 boot loader to the TFTP server directory hierarchy.

      # yum install syslinux
      # cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux/pxelinux.0

      If you want to support UEFI-based PXE clients, copy the BOOTX64.efi boot loader and splash image files to the TFTP server directory hierarchy, for example:

      # wget http://10.0.0.11/OSimage/OL6.6/EFI/BOOT/BOOTX64.efi \
        -O /var/lib/tftpboot/efi/BOOTX64.efi
      # wget http://10.0.0.11/OSimage/OL6.6/EFI/BOOT/splash.xpm.gz \
        -O /var/lib/tftpboot/efi/splash.xpm.gz
    4. Create the default boot loader configuration file, for example efi/efidefault or pxelinux/pxelinux.cfg/default.

      For more information, see Section 1.4.9, “About Boot-Loader Configuration Files”.

    5. If SELinux is enabled in enforcing mode on your system, use the semanage command to define the default file type of the TFTP server directory hierarchy as tftpdir_t and then use the restorecon command to apply the file type to the entire directory hierarchy, for example:

      # /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/lib/tftpboot(/.*)?"
      # /sbin/restorecon -R -v /var/lib/tftpboot

      Note

      The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

  4. If you want dnsmasq to act as a caching-only name server, configure a name server entry for 127.0.0.1 that precedes other name server entries.

    Dnsmasq ignores the 127.0.0.1 entry and forwards DNS queries to the other listed name servers. If the NetworkManager service is enabled, you can configure name service entries by using the graphical applet, the nm-connection-editor utility, or the system-config-network utility. Otherwise, you can configure name server entries directly in /etc/resolv.conf, for example:

    nameserver 127.0.0.1
    nameserver 10.0.0.8
    nameserver 10.0.0.4

  5. Start the dnsmasq service, and configure it to start after a reboot.

    # service dnsmasq start
    # chkconfig dnsmasq on

    If you make any changes to /etc/dnsmasq.conf, restart the dnsmasq service. You do not need to restart the service if you change the content of boot loader configuration files.

  6. Configure the firewall:

    1. Allow access by DHCP requests, for example:

      # iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

      In this example, the server expects to receive requests on interface eth1.

    2. If you enable the TFTP service in dnsmasq, allow access by TFTP requests:

      # iptables -I INPUT -i eth1 -p udp --dport 69 -j ACCEPT
    3. If you want dnsmasq to act as a caching-only name server, allow access by DNS requests:

      # iptables -I INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
      # iptables -I INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
    4. Save the configuration:

      # service iptables save
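The following shell script is an added example and is not part of this guide or of the dnsmasq project. It reads a dnsmasq configuration file and checks the relationships that the steps above rely on: a dhcp-range line (without it dnsmasq serves no DHCP), an interface= line (so DHCP and TFTP are offered only on the PXE network, as in the eth1 example), a dhcp-boot line in one of the two forms shown in step 2 (a boot-loader path, or a path followed by an external TFTP server address), and, when dnsmasq serves TFTP itself, enable-tftp, tftp-root and the boot loader actually present under tftp-root. The temporary directory, the fake TFTP root and the two demo configurations are constructed for the demonstration; on a real server you would run check_dnsmasq_pxe against /etc/dnsmasq.conf.

```shell
#!/bin/sh
# Pre-flight check for a dnsmasq PXE configuration (added example; not part
# of the Oracle Linux documentation or of dnsmasq itself).
# Usage: check_dnsmasq_pxe /etc/dnsmasq.conf
# Prints one line per problem found and returns the number of problems.

# conf_value FILE KEY: value of the last "KEY=value" line; comments are skipped
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# conf_has FILE KEY: succeeds if a bare "KEY" directive (e.g. enable-tftp) is present
conf_has() {
    grep -q "^[[:space:]]*$2[[:space:]]*$" "$1"
}

check_dnsmasq_pxe() {
    conf=$1
    problems=0

    # DHCP is only switched on when a dhcp-range line exists.
    if [ -z "$(conf_value "$conf" dhcp-range)" ]; then
        echo "no dhcp-range: dnsmasq will not serve DHCP at all"
        problems=$((problems + 1))
    fi

    # Without interface=, DHCP and TFTP are offered on every interface of the host.
    if [ -z "$(conf_value "$conf" interface)" ]; then
        echo "no interface= line: dnsmasq would answer on all interfaces, not only the PXE network"
        problems=$((problems + 1))
    fi

    # dhcp-boot is the boot-loader path, optionally followed by an external TFTP server.
    boot=$(conf_value "$conf" dhcp-boot)
    if [ -z "$boot" ]; then
        echo "no dhcp-boot: PXE clients are not told which boot file to fetch"
        return $((problems + 1))
    fi
    bootfile=${boot%%,*}
    bootserver=
    case $boot in *,*) bootserver=${boot#*,} ;; esac

    # dnsmasq rejects TFTP requests with ".." path elements, so such a
    # dhcp-boot value can never be fetched by a client.
    clean=1
    case $bootfile in
        *..*) clean=0
              echo "dhcp-boot path '$bootfile' contains '..': dnsmasq rejects such TFTP requests"
              problems=$((problems + 1)) ;;
    esac

    if [ -n "$bootserver" ]; then
        echo "boot file '$bootfile' is expected on external TFTP server '$bootserver' (not checked locally)"
    else
        # dnsmasq serves TFTP itself: enable-tftp and tftp-root are both needed,
        # and the boot loader has to have been copied under tftp-root.
        if ! conf_has "$conf" enable-tftp; then
            echo "dhcp-boot names a file for dnsmasq's own TFTP service, but enable-tftp is not set"
            problems=$((problems + 1))
        fi
        root=$(conf_value "$conf" tftp-root)
        if [ -z "$root" ]; then
            echo "no tftp-root: TFTP is not confined to a single directory"
            problems=$((problems + 1))
        elif [ "$clean" -eq 1 ] && [ ! -f "$root/$bootfile" ]; then
            echo "boot file '$root/$bootfile' is missing: copy the boot loader into tftp-root"
            problems=$((problems + 1))
        fi
    fi
    return $problems
}

# Constructed demo environment (not a real server): a fake TFTP root plus two
# configurations, one complete and one with typical mistakes.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/tftpboot/pxelinux"
: > "$demo_dir/tftpboot/pxelinux/pxelinux.0"   # stand-in for the syslinux boot loader

demo_good_conf=$demo_dir/good.conf
cat > "$demo_good_conf" <<EOF
interface=eth1
dhcp-range=10.0.0.101,10.0.0.200,6h
dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite
dhcp-boot=pxelinux/pxelinux.0
enable-tftp
tftp-root=$demo_dir/tftpboot
EOF

# Mistakes: no interface= line, and dhcp-boot names a UEFI loader that was never copied.
demo_bad_conf=$demo_dir/bad.conf
cat > "$demo_bad_conf" <<EOF
dhcp-range=10.0.0.101,10.0.0.200,6h
dhcp-boot=efi/BOOTX64.efi
enable-tftp
tftp-root=$demo_dir/tftpboot
EOF

report() {   # run the check on one file and summarise its return value
    echo "== $1"
    if check_dnsmasq_pxe "$1"; then echo "no problems"; else echo "$? problem(s)"; fi
}
report "$demo_good_conf"   # no problems
report "$demo_bad_conf"    # 2 problem(s)
```

Run the script as a non-root user; it only reads the configuration file and tests for the existence of the boot loader, so it is safe to run before restarting dnsmasq in step 5. The checks cover the dhcp-boot forms shown in this section; the tag: prefix that dnsmasq also accepts is not parsed.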

For information about configuring and using kickstart to perform automated installation, see Chapter 3, Installing Oracle Linux by Using Kickstart.